JSF 2.0 comes up with annotation. However in JSF 1.2 we defined attributes in faces-config.xml file.
In JSF 2.0 we have two options, either make use of annotation or use faces-config.xml. What is better approach? Writhing the properties in faces-config.xml is easily manageable, whereas writing annotation in each file is somewhat not easily manageable.
Annotations are generally preferable because they keep information about a class with the code of the class, so you don't have to look in another place to understand it. It also reduces duplication of information because you don't have to write out the class name to specify what class the annotation belongs to.
Then again, for some things it can be valuable to have all information of a certain kind collected in one place (e.g. URL mappings). Fortunately, annotations and XML configuration are compatible, so you can put some things into XML and use annotations for everything else.
Well, this is absolutely depends on you, but annotations are the "modern" way of programming. Code is becoming more readable and maintainable with them. IMHO annotations are less vulnerable to errors because you don't have to maintain a huge file of XML entries, but you have just few lines of annotations per each file(also it's nice when you open a file and immediately see that this class is a managed bean). so code is becoming more self-commenting.
If I were you I would definitely go with annotations, IMHO it's far more easy to manage them.
Related
Say I do a page import of the domain in GSP, for example:
<%# page import="com.sample.entity.Book" %>
To use it to your page via
<g:select from="${Book.list()}"
optionKey="id"
optionValue="title"
name="bookSample"/>
Is this bad programming practice to use the import? I am very new to Grails and have seen this practice in a lot of tutorials, but my lead would discourage me to do this because according to him hackers can easily get the data from the db. I've been arguing against it but I guess I need some support.
I do agree with that on the above it is more ideal to use the controller to get the list of Books - but I think I do not get the idea that using the <%# page import="" %> is bad coding because it makes the page vulnerable.
I know that GSPs are compiled and so no reference of the import is visible to the HTML pages.
Update: thank you all for giving your inputs. I've updated the question to give it more focus. If someone told you it is wrong and this was the reason - you kind of think beyond best practices and more on security, which I truly can't imagine how, through an import
I'm not so sure about the "hackers will do bad things" reasoning, but there is a better approach to using GORM directly in the GSP.
Let's be clear, using GORM directly in the GSP isn't technically wrong, it's just a bad practice. Why? It's not giving you a clear separation of your Model and View.
Your view (GSP) shouldn't be building the model. It should simply be using it to render a view. Your controller, however, really should build the model that your view (GSP) uses.
In your example that model comes from a GORM query. However, in the future you may end up delegating that to a service that uses some micro-service instead.
Since the model is being constructed in the controller and not the GSP you won't have to comb through all your GSPs and find where you would need to refactor that. It should be as simple as changing the controller.
That's the real reason why you should avoid using GORM in a GSP directly. Separation of concerns.
As far as the actual importing of the domain is concerned? That's not really a bad practice, since your model will likely contain domain instances. It's a bit verbose (and not really needed for the most part) but that verbosity also lends itself to documenting what domain classes are being used by a view.
I typically don't use specific imports in my GSPs because I've found that the model changes over time and maintaining the imports becomes an issue.
Update After giving it even more thought I can't for the life of me come up with a true reason why using imports in your GSP would be considered a security risk. You're lead has a lot of explaining to do, or you need to replace him.
I have found that the less logic you use in your GSPs, the better, as the bigger and more complex they get, they become unmanageable and incredibly hard to debug; specially if you've got nested templates.
Grails' scaffolding itself does it, and I believe it to be an awful practice-- the view data should be populated in the controller, which itself should get the data from a service that makes the domain objects interact in meaningful ways, or hits up a database transactionally.
I have gone through the Spring Security video on this page.
Around 36:30 he talks about securing methods using security annotations along with the method signature as shown below:
#Secured("ROLE_USER")
public String create();
Why do we need to keep the annotations along with the method? (since security annotations do not have anything to do with what the method does)
Can I get these annotations out into a separate file so that I can change them without modifying the actual code? (probably using something like Spring AOP features)
Yes, you can do it thanks to Spring AOP:
<global-method-security>
<protect-pointcut expression="execution(* com.domain.service.*.*(..))" access="ROLE_USER"/>
</global-method-security>
Ajust expression to your needs.
XML declarations are good from flexibility point of view. Consider following cases:
you want to reuse some service in two modules but you want to have different security rules.
you want apply some security restriction on per package basis
It is possible only with XML.
Annotations are good from readability point of view. When you see some method then you can view all security restrictions directly. No need to open some XML file each time and think about expressions (is it applied for this method?). So it's easy.
Do not mix both approaches. It's so confusing. Check your needs and choose the best one for you project.
Currently I have only one controller AppController (SessionScope - ManagedBean) that handles all of the requests and logic of my system, but somehow this doesn't seem right. I want to make this project as modular as possible so it can be very easy to maintain.
I have read a little about Dependency Injection, but I just can't make it work, that is, I don't know what's the issue with the "scope" of the beans. For example, I have my AppController and my Users bean, but I can't make use of the AppController from the Users bean (although I have tried with dependency injection). I think that the logic of the users (edit names, set relationships, etc.) must be handled by the Users bean, but right now those tasks are handled by the AppController, which doesn't seem right.
The issue is, Is there any good tutorial where I can learn how to make a proper use of the JSF 2.0 framework? My objective is to make the AppController as light as possible. I have found several tutorials, but they seem to be more focused on older versions of the JSF or I just don't happen to understand them (maybe they are too technical, I don't know).
Any help with this would be very appreciated.
As to the concrete problem, you shouldn't have a single managed bean which acts as a front controller to handle all requests. JSF's own FacesServlet is supposed to do that. The common consensus is to have a single request/view scoped managed bean per <h:form> you have. And one or two session scoped bean(s) to represent the logged-in user and its settings like locale, if any. You could have an application scoped bean for applicationwide data such as dropdown constants.
As to the concrete question (which is rather subjective and per definition offtopic here, but ala), there is not really a simple tutorial for this. It's a matter of understanding what you're doing and what the code is doing and ultimately using the right tool for the job. In order to learn that, you've to read a self-respected JSF2 book from top to bottom and play a lot around with simple projects. JSF can't be learnt and fully understood in 1 day. It took me years. You can find useful links/references in our JSF wiki page.
I am a complete noob when it comes to grails (and still very noobish when it comes to groovy) so I apologise if this is a dumb question.
I am building a simple web app and I want to control portions of the domain in my app based on file system objects (i.e. directory structure and file type) rather than database data. How easy is it to do this or are the domain objects so entwined with GORM that it is not worth the effort to try?
I ran into this question myself a couple of weeks ago.
You can just add the following snippet to the Domain Class.
def isAttached()
{
return false
}
Now it isn't connected to your database. Voila!
You can also use:
class YourDomainClass {
static mapWith = "none" // disable persistence for this domain class
See grails documentation and this answer. Appears to have been added in Grails 2.0.1 but not documented until version 2.3.0.
There is no built-in way to map domain classes to file system objects as you've described, but equally there is no requirement that your domain classes map to a relational database. The subject of how to create a Grails app that doesn't use a relational database is addressed
here and here (and possibly elsewhere).
A couple of ways to do this.
First, you can declare your properties that map to file system data as transient, and go to file system when getters / setters are called (you have to override them). You can also load them using onLoad if you need them to be in memory always.
Second - Hibernate handles the persistence. Hibernate allows for you to define your own user type, which can handle the persistence whichever way you want. This way it might happen for you more transparently (though you'd have to make sure you understand hibernate fairly well, to make sure there aren't any side effects, I am not sure).
http://i-proving.com/space/Technologies/Hibernate/User+Types+in+Hibernate
I've been looking at Groovy on Grails and noticed a line at the bottom that says:
Grails aims to bring the "coding by convention" paradigm to Groovy.
What exactly is coding by convention?
Convention over Configuration (aka Coding by convention) is a software design paradigm which seeks to decrease the number of decisions that developers need to make, gaining simplicity, but not necessarily losing flexibility.
The phrase essentially means a developer only needs to specify unconventional aspects of the application. For example, if there's a class Sale in the model, the corresponding table in the database is called sales by default. It is only if one deviates from this convention, such as calling the table "products_sold", that one needs to write code regarding these names.
When the convention implemented by the tool you are using matches your desired behavior, you enjoy the benefits without having to write configuration files. When your desired behavior deviates from the implemented convention, then you configure your desired behavior.
From "Convention over configuration" article on Wikipedia.
In the context of Grails, "coding by convention" means that a lot of (tedious and repetitive) explicit code and/or configuration is replaced by simple naming and directory structure conventions. For example:
Any class whose name ends with Controller in the grails-app/controllers directory is automatically a Spring controller and closures defined in it will be bound to URLs - you don't have to configure this in an XML file as you would have to when using pure Spring.
The same goes for taglibs (grails-app/taglib directory) - no more tedious TLD files!
Domain classes in grails-app/domain probably have the most "convention magic", being automatically mapped to an automatically generated DB schema - with DB table and column names being by convention identical to the domain property names.
Coding by convention vs coding by configuration:
The idea that you have certain placing or naming conventions for stuff so you don't have to explicitly tell the program where stuff is or what it is called.
For example, in ASP.Net MVC there is a convention for where the views are stored and what they are called. This means that when your code instructs the server to return a view, the runtime will look for a view with a certain naming structure in certain folders. See page 20 in this pdf for more clarity.
Another example would be naming conventions for methods. For example, in an event-driven language you could have a choice to explicitly declare which method handles which events or you can rely on a naming convention - like ..._OnOpen or ...OnClick and then rely on the runtime to figure out the correct method to call for a given event.
Lots of conventions here:
How to name HTML elements so they're easily accessible as parameters from the HTTP request;
How to relate object attributes to table and column names in the database;
How to arrange a project into directories/packages;
It's what you do when you find yourself solving a common problem in a particular style. You notice similarities and codify them into some automation scheme.
See Convention over Configuration. It's the concept of designing a tool or framework to have the most common configuration options as the defaults, so for the vast majority of users no configuration is required.
It means if you stick to certain coding conventions as defined by whatever convention-based framework you are using, you get a lot of functionality for free. In other words, if you structure your application in accordance to what the framework expects, a lot of work can be saved.
It would be a good idea to look up the advantages and disadvantages of coding by convention.